Data Source: awsIdentitystoreGroup
Use this data source to get an Identity Store Group.
Example Usage
import * as cdktf from "cdktf";
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsSsoadminInstancesExample =
new aws.dataAwsSsoadminInstances.DataAwsSsoadminInstances(
this,
"example",
{}
);
const dataAwsIdentitystoreGroupExample =
new aws.dataAwsIdentitystoreGroup.DataAwsIdentitystoreGroup(
this,
"example_1",
{
alternateIdentifier: {
uniqueAttribute: {
attributePath: "DisplayName",
attributeValue: "ExampleGroup",
},
},
identityStoreId: `\${tolist(${dataAwsSsoadminInstancesExample.identityStoreIds})[0]}`,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsIdentitystoreGroupExample.overrideLogicalId("example");
new cdktf.TerraformOutput(this, "group_id", {
value: dataAwsIdentitystoreGroupExample.groupId,
});
Argument Reference
The following arguments are required:
identityStoreId
- (Required) Identity Store ID associated with the Single Sign-On Instance.
The following arguments are optional:
alternateIdentifier
(Optional) A unique identifier for the group that is not the primary identifier. Conflicts withgroupId
andfilter
. Detailed below.filter
- (Optional, Deprecated use thealternateIdentifier
attribute instead) Configuration block for filtering by a unique attribute of the group. Detailed below.groupId
- (Optional) The identifier for a group in the Identity Store.
-> Exactly one of the above arguments must be provided. Passing both filter
and groupId
is allowed for backwards compatibility.
alternateIdentifier
Configuration Block
The following arguments are supported by the alternateIdentifier
configuration block:
externalId
- (Optional) Configuration block for filtering by the identifier issued by an external identity provider. Detailed below.uniqueAttribute
- (Optional) An entity attribute that's unique to a specific entity. Detailed below.
-> Exactly one of the above arguments must be provided.
externalId
Configuration Block
The following arguments are supported by the externalId
configuration block:
id
- (Required) The identifier issued to this resource by an external identity provider.issuer
- (Required) The issuer for an external identifier.
filter
Configuration Block
\~> The filter
configuration block has been deprecated. Use alternateIdentifier
instead.
The following arguments are supported by the filter
configuration block:
attributePath
- (Required) Attribute path that is used to specify which attribute name to search. Currently,displayName
is the only valid attribute path.attributeValue
- (Required) Value for an attribute.
uniqueAttribute
Configuration Block
The following arguments are supported by the uniqueAttribute
configuration block:
attributePath
- (Required) Attribute path that is used to specify which attribute name to search. For example:displayName
. Refer to the Group data type.attributeValue
- (Required) Value for an attribute.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- Identifier of the group in the Identity Store.description
- Description of the specified group.displayName
- Group's display name value.externalIds
- List of identifiers issued to this resource by an external identity provider.id
- The identifier issued to this resource by an external identity provider.issuer
- The issuer for an external identifier.